https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f8a6542b15efa996d672609e651485f50310a6c0

commit f8a6542b15efa996d672609e651485f50310a6c0
Author:     David L Bean <[email protected]>
AuthorDate: Mon Jul 24 13:18:16 2023 -0400
Commit:     Thomas Faber <[email protected]>
CommitDate: Sun Jul 30 16:52:55 2023 -0400

    [IP] Don't reference uninitialized PCB to avoid BSOD. CORE-18982
    
    Transport calls to LibTCPConnect that suffer certain early failures,
    such as parameter errors or early route lookup failures, return without
    initializing the PCB.
    In order to avoid later BSODs, this change clears the
    ConnectionRequest bucket in those cases.
---
 drivers/network/tcpip/ip/transport/tcp/tcp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/network/tcpip/ip/transport/tcp/tcp.c 
b/drivers/network/tcpip/ip/transport/tcp/tcp.c
index 3d65e9a46b9..89b9184fdca 100644
--- a/drivers/network/tcpip/ip/transport/tcp/tcp.c
+++ b/drivers/network/tcpip/ip/transport/tcp/tcp.c
@@ -411,7 +411,13 @@ NTSTATUS TCPConnect
     Status = TCPTranslateError(LibTCPConnect(Connection,
                                                 &connaddr,
                                                 RemotePort));
-
+    if (!NT_SUCCESS(Status))
+    {
+        LockObject(Connection);
+        RemoveEntryList(&Bucket->Entry);
+        UnlockObject(Connection);
+        ExFreeToNPagedLookasideList(&TdiBucketLookasideList, Bucket);
+    }
     TI_DbgPrint(DEBUG_TCP,("[IP, TCPConnect] Leaving. Status = 0x%x\n", 
Status));
 
     return Status;
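Review bot: The new failure branch at `RemoveEntryList(&Bucket->Entry)` assumes the bucket is still linked on the connection's request list when `LockObject(Connection)` is re-taken, and nothing in the hunk establishes that. The insertion and the preceding unlock are outside the hunk (TCPConnect starts above it), so it looks like LibTCPConnect runs with the connection unlocked. If any other path, such as an error callback or a close that flushes pending requests, can drain that list in the window, this branch would unlink and free an entry that was already completed, which is a double free in nonpaged pool. Please confirm that no such path exists for the early-failure statuses, and record the invariant next to the branch, for example `/* LibTCPConnect failed before the PCB was set up, so no completion path will dequeue Bucket; unlink and free it here. */`. The blank line that separated the call from `TI_DbgPrint` is also dropped; keeping one after the closing brace would preserve readability.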
